This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Canot run lua script in tshark

0

I am using wireshark/tshark 1.10.6 on ubuntu 12.04. When trying to run

tshark -X lua_script:hello.lua

I don't see the "hello.lua" got executed (which should print "hello").

Yes, I have set the /usr/share/wireshark/init.lua to have

....
-- Set disable_lua to true to disable Lua support.
disable_lua = false

if disable_lua then return end ….

The strange thing is, when I run tshark with strace, I don’t see it attempted to open init.lua at all.

Any idea why? Thanks!

EDIT 1 Thanks to Hadriel who pointed out my error in writing. I updated the problem statement

EDIT 2 I am not running it as root, just want to run a lua script using tshark with an input pcap file.

$ tshark -v
TShark 1.10.6 (Git Rev Unknown from unknown)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.4, with libpcap, with libz 1.2.3.4, without POSIX capabilities, without libnl, without SMI, with c-ares 1.7.5, without Lua, without Python, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP.

Running on Linux 3.2.0-64-generic, with locale en_US.UTF-8, with libpcap version 1.1.1, with libz 1.2.3.4. Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz

Built using gcc 4.6.3.

asked 10 Feb ‘15, 11:12

sharkfun's gravatar image

sharkfun
26559
accept rate: 0%

edited 10 Feb ‘15, 20:49


2 Answers:

1

OK, so the problem is the version info says "without Lua", which means support for Lua wasn't compiled into tshark/wireshark when it was built for your platform. Therefore it won't load init.lua or anything Lua-related.

Did Wireshark come with Ubuntu, or did you get it from an RPM installer (i.e., apt-get/yum/whatever)?

answered 10 Feb '15, 22:18

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%

Thanks Hadriel!

(11 Feb '15, 07:18) sharkfun

0

There should be a space between the "-X" and "lua_script:...", so like this:

tshark -X lua_script:hello.lua

Setting "disable_lua = true" in init.lua means you're disabling Lua. Why are you doing that?

Also, verify Lua is actually compiled into Wireshark, by running "tshark -v" at the command line, or in the Wireshark GUI selecting the menu Help -> About Wireshark, and in the third paragraph it should say "with Lua" somewhere.

answered 10 Feb '15, 11:20

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%

Thank you Hadriel. Updated my question.

(10 Feb '15, 11:27) sharkfun

At the top of your init.lua, put this line:

print("loading init.lua")

Then see if that gets printed out, to see if init.lua is loaded.

Also, can you paste the output of "tshark -v" here?

(10 Feb '15, 11:43) Hadriel

Oh, and you're not running tshark with root privileges are you? Wireshark disables Lua by default in such cases. You have to edit the init.lua file's "run_user_scripts_when_superuser = false" line to be "run_user_scripts_when_superuser = true" to use Lua with root privileges.

(10 Feb '15, 11:47) Hadriel

Updated based on what you requested. I ran it as a normal user. Updated the original question. Thanks Hadriel!

(10 Feb '15, 20:50) sharkfun